From f846676a7fb6b7d1e5f744c40d531e1d187b8e69 Mon Sep 17 00:00:00 2001
From: Megan Wolf <megan@defenseunicorns.com>
Date: Thu, 1 Feb 2024 11:46:27 -0500
Subject: [PATCH] excluded namespaces for istio-injection

---
 chart/templates/gatekeeper/values.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/chart/templates/gatekeeper/values.yaml b/chart/templates/gatekeeper/values.yaml
index d5c3dc1914..fedff2d2e5 100644
--- a/chart/templates/gatekeeper/values.yaml
+++ b/chart/templates/gatekeeper/values.yaml
@@ -103,6 +103,22 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
 
   namespacesHaveIstio:
     enabled: {{ .Values.istio.enabled }}
+    parameters:
+      excludedResources:
+        # Kuberentes control plane does not use Istio
+        - kube-node-lease
+        - kube-public
+        - kube-system
+        # No pods in bigbang / default
+        - bigbang
+        - default
+        # Flux is installed prior to Istio
+        - flux-system
+        # Istio does not inject itself
+        - istio-operator
+        - istio-system
+        # Kyverno is installed prior to Istio
+        - kyverno
 
   {{- if or .Values.fluentbit.enabled .Values.neuvector.enabled }}
   noPrivilegedContainers:
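Review bot: Excluding `default` from `namespacesHaveIstio` (the `- default` entry under `excludedResources`) turns off the injection check for the namespace most likely to receive ad-hoc user workloads, and the comment `# No pods in bigbang / default` describes the current state of the cluster rather than anything this policy can guarantee, so a pod deployed there without a sidecar is now silently allowed. If the exemption is intentional, the comment should say why it is acceptable to leave that namespace unmonitored, and the list is a good candidate for being sourced from a values entry so operators can tighten it without editing the chart. Two smaller points: the hunk header asks to keep this file in alpha order and the list is grouped by comment instead (`bigbang`, `default`, `flux-system`, `istio-*`, `kube-*`, `kyverno` would satisfy both), and the comment on the first group misspells Kubernetes (`# Kubernetes control plane does not use Istio`). The enclosing `violations:` mapping starts before this hunk and continues past it.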
-- 
GitLab